Agile workflow and how it's (not?) used

I've been thinking about the Agile workflow recently, mainly due to pains employers I've worked for have had with implementation and delivery.  I've seen a number of places that miss the very first tenet of Agile:

Individuals and interactions over processes and tools

So many places I've worked for place far more stress on the processes and tools, i.e. how do we measure what Agile is doing for us, from Kanban boards to scrum sprints, the focus seems to be on measuring velocity, not on improving velocity.
More places seem to understand point 3

Customer collaboration over contract negotiation

I have worked for very few places that try to turn the thumb screws on over the letter of a contract, and most clients seem to understand that things evolve as they are developed and don't have a problem with updated payments.
Weirdly however lots of places still don't get point 4, even though they do get point 3:

Responding to change over following a plan 

Once a plan is in place, they will try to stick to it until the end beyond all reason.  I'm very curious as to the cause of this, or if it's just me seeing this.

Why you should put package-lock.json in source control

Simple, eliminate the "works on my machine" response from developers:

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

This will keep all the installed dependencies the same when you do npm i. If you don't, any packages you have in package.json will get their dependency tree based on what the package you're using specifies, i.e. it could be latest compatible (@^x.x.x) or anything.  And without a package-lock.json you're at the mercy of what your dependencies specify.